Passive reconnaissance involves collecting information without direct interaction with the target's systems, which mitigates the risk of detection. DNS lookups fit this description, as they can be done using external tools and do not require any interaction with the target's network, allowing a penetration tester to map out the structure of the domain discreetly.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.
What tools can be used for DNS lookups during passive reconnaissance?
What are subdomains, and why are they important in penetration testing?
How does passive reconnaissance differ from active reconnaissance?